package icu.javayanglei.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;


/**
 * spring security 配置类
 * EnableWebSecurity 开启 WebSecurity 模式
 *
 * @author yang
 * @version 1.0.0
 * @date 2020-11-02 15:05
 */
@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/js/**", "/css/**", "/images/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 定制请求的授权规则
        // 首页所有人可以访问
        http.authorizeRequests()
                // /api/wallpaper/** 需要 admin 权限
                .antMatchers("/api/wallpaper/**").hasRole("admin")
                .antMatchers("/**").hasRole("admin")
                .and()
                // 跳转到登陆界面
                .formLogin()
                .and()
                //  解决 Refused to display in a frame because it set 'X-Frame-Options' to 'deny'.
                .headers().frameOptions().sameOrigin()
                .and()
                .csrf().disable();
    }


    @Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("王婧")
                .password("1128").roles("admin")
                .and()
                .withUser("杨磊")
                .password("1123").roles("admin");
    }
}
